<?php

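/**
 * Review submission and e-mail-driven moderation.
 *
 * A new review is stored with a non-zero random moderation token in the
 * `Valid` column and a notification is mailed to a moderator containing a
 * "pass" and a "delete" link carrying that token. Following a link calls
 * Confirm() (Valid := 0, i.e. approved) or Delete().
 *
 * NOTE(review): the moderation links are plain GET URLs; anything that
 * pre-fetches links in e-mail (anti-virus, link previews) can approve or delete
 * a review without a human clicking. Moving these to POST would close that.
 * DB::query is defined elsewhere; its exact interface is not visible here.
 */
class Review{
	/**
	 * Dispatch a request-parameter array to the matching review action.
	 *
	 * @param mixed $value Request parameters (array expected). A 'review' key
	 *                     submits a new review; the literal path segments
	 *                     '__-confirmmessage-__' / '__-deletemessage-__' act on
	 *                     the pending review whose token is in $value['ext'].
	 * @return bool|null   false when an action was taken, null otherwise
	 *                     (the original fell through without a return value).
	 */
	public function getAction($value){
		if(!is_array($value)){
			return null;
		}
		if(array_key_exists('review', $value)){
			$this->addReview($value);
			return false;
		}
		// Strict comparison: with loose in_array() a boolean true in $value
		// would match the marker string and trigger a confirm/delete.
		if(in_array('__-confirmmessage-__', $value, true)){
			$this->Confirm($value);
			return false;
		}
		if(in_array('__-deletemessage-__', $value, true)){
			$this->Delete($value);
			return false;
		}
		return null;
	}

	/**
	 * Store a pending review and mail the moderator the pass/delete links.
	 *
	 * Reads $value['product'], $value['rating'], $value['review'] and
	 * $_SESSION['user']. All of these are untrusted, so they are escaped for
	 * the SQL literal, the HTML mail body and the link URLs respectively.
	 *
	 * @param array $value Request parameters.
	 */
	private function addReview(array $value){
		$product = (string)($value['product'] ?? '');
		$user    = (string)($_SESSION['user'] ?? '');
		$rating  = (string)($value['rating'] ?? '');
		$review  = (string)($value['review'] ?? '');

		// The token is the only thing protecting the confirm/delete links;
		// rand() is predictable, so use the CSPRNG. Range kept as before so the
		// stored value still fits whatever the Valid column holds today.
		$token = random_int(1, 99999999999);

		$sql = "INSERT INTO CostBiterReviews (StockCode, User, Rating, Review, Valid) VALUES ('"
			.$this->sqlEscape($product)."','"
			.$this->sqlEscape($user)."','"
			.$this->sqlEscape($rating)."','"
			.$this->sqlEscape($review)."',"
			.$token.")";
		DB::query($sql);

		$base = 'http://dev.costbiter.co.uk/moreinfo/'.rawurlencode($product).'/';
		$message  = '<html><body>';
		$message .= '<table>';
		$message .= '<tr><th align="right">User:</th><td>'.$this->html($user).'</td></tr>';
		$message .= '<tr><th align="right">Rating:</th><td>'.$this->html($rating).'</td></tr>';
		$message .= '<tr><th align="right">Review:</th><td>'.$this->html($review).'</td></tr>';
		$message .= '<tr><td colspan="2">'
			.'<a href="'.$this->html($base.'__-confirmmessage-__/'.$token).'">Click to Pass</a><br />'
			.'<a href="'.$this->html($base.'__-deletemessage-__/'.$token).'">Click to Delete</a>'
			.'</td></tr>';
		$message .= '</table>';   // was never closed in the original markup
		$message .= '</body></html>';

		// Headers are fixed strings: no request data reaches them, so no
		// header-injection surface here.
		$headers  = 'MIME-Version: 1.0' . "\r\n";
		$headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
		$headers .= 'From: CostBiterReview@shebanguk.net';

		mail('m.markie@shebanguk.net', 'CostBiter Review', $message, $headers, null);
	}

	/**
	 * Approve the pending review identified by $value['ext'] (Valid := 0).
	 *
	 * @param array $value Request parameters; 'ext' is the moderation token.
	 */
	private function Confirm(array $value){
		$token = $this->pendingToken($value);
		if($token === null){
			return;
		}
		$sql = "UPDATE CostBiterReviews SET Valid=0 WHERE Valid=".$token;
		DB::query($sql);
	}

	/**
	 * Delete the pending review identified by $value['ext'].
	 *
	 * @param array $value Request parameters; 'ext' is the moderation token.
	 */
	private function Delete(array $value){
		$token = $this->pendingToken($value);
		if($token === null){
			return;
		}
		$sql = "DELETE FROM CostBiterReviews WHERE Valid=".$token;
		DB::query($sql);
	}

	/**
	 * Validate the moderation token from $value['ext'].
	 *
	 * Tokens are generated as positive integers (see addReview), so anything
	 * else is rejected. This matters beyond SQL injection: MySQL compares a
	 * non-numeric string against an integer column as 0, so the original
	 * `WHERE Valid='abc'` would have matched every already-approved row —
	 * for Delete() that meant wiping all approved reviews.
	 *
	 * @param array $value Request parameters.
	 * @return int|null    The token, or null when absent/invalid.
	 */
	private function pendingToken(array $value){
		$ext = $value['ext'] ?? null;
		if(!is_int($ext) && !is_string($ext)){
			return null;
		}
		$ext = (string)$ext;
		if(!preg_match('/^[1-9][0-9]*$/', $ext)){
			return null;
		}
		$token = (int)$ext;
		return $token > 0 ? $token : null;
	}

	/**
	 * Escape a value for use inside a single-quoted SQL string literal.
	 *
	 * addslashes() is what this file already relied on for the review text;
	 * it is applied uniformly now. NOTE(review): addslashes() is not
	 * charset-aware — if DB::query supports bound parameters or a driver
	 * escape function, switch to that.
	 *
	 * @param string $s Raw value.
	 * @return string   Escaped value (without surrounding quotes).
	 */
	private function sqlEscape($s){
		return addslashes((string)$s);
	}

	/**
	 * Escape a value for an HTML text or attribute context (the mail body).
	 *
	 * @param string $s Raw value.
	 * @return string   Escaped value.
	 */
	private function html($s){
		return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}
}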

?>